Re: [Linux-ima-user] Deadlock after enabling EVM in fix mode

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Wed, 2014-02-12 at 13:50 +0000, Lipinski, MarekX wrote:
> I forgot to mention - I do not use initramfs/initrd. 
> 
> Normally it may not make sense to use hash based security without
> having initramfs. However the plan is to protect evm-key in different,
> platform-specific way. 
> 
> Altgough I think hash based IMA/EVM without ram disk is still legal,
> isn't it?

I guess we'll find out. :)   Is there any reason for attempting to load
a kernel module, when hmac(sha1) should be built in?  We really want to
skip the modprobe entirely.  Wondering what would happen if the modprobe
proc entry was NULL...  It looks like the modprobe would be skipped.
The last line of crypto/api.c: crypto_larval_lookup() will simply call 
crypto_larval_add() to add it.

thanks,

Mimi